Chapter 4 - Information Network Protection

Copyright(c), 1990, 1995 Fred Cohen - All Rights Reserved

Information networks (i.e. networks) are a central issue
today because of their widespread proliferation and the high degree
of dependency placed upon them by society. The most obvious example
is the telephone system which has been in place for over 50 years.
Airline reservation systems, and air traffic control systems are
networks heavily depended upon by every air traveller. Automatic
Teller Machines (ATMs) are networked systems available in almost
every shopping mall, and banks regularly exchange funds with computer
networks. Many personal computers have modems, and with the purchase
of a modem control program, a limited amount of free access to
nationwide computer networks is often provided. Many libraries use
computer networks for interlibrary loans. Most businesses use
computer networks to get credit information from credit bureaus.
Computer mail, file transfer, and remote terminal access has been in
widespread use for over 20 years.

This tremendous communications capability has also brought
about tremendous information protection problems. The telephone
system is often abused by 'fone phreaks' [TAP75] and obscene phone
callers, the airline reservation system is used to overbook flights,
and the air traffic control system is often overwhelmed by the
volume of information it must handle, thus creating potentially life
threatening situations [Spectrum87] . ATMs are often sights for
armed robbery, and fraudulent use of electronic funds transfer has
resulted in hundreds of millions of dollars in losses. Personal
computers have been used to break into many computer systems, to
spread information about how to defraud, and to spread malicious
programs throughout the nation. Interlibrary loans often delay the
availability of books, while credit bureau problems have caused many
people tremendous inconvenience, and many businesses substantial
amounts of money. In university and business networks, attackers have
exploited protection problems to penetrate hundreds of computers
throughout the nation [Reid83] , often extracting research results which are
not ready for widespread dissemination, attaining crucial business
information, or causing denial of services.

Questions:

1 - Identify, explain, and discuss:

a) Two opposing schools of thought on the network protection problem
b) Similarities and differences between OS and network protection
c) Four uses for cryptography in network protection
d) Covert channel and traffic analysis problems and solutions

2 - Explain the virtues and problems with these network architectures:

a) Star networks
b) Ethernets
c) Ring networks
d) Bus networks

3 - Explain virtues and problems with these communications technologies:

a) Collusion and configuration analysis in networks
b) Threats from gateways and techniques for eliminating them
c) Threats from file servers and techniques for eliminating them
d) Features of the ISO OSI protection policies and methods
e) Protection problems with network protocols